The General Data Protection Regulation (GDPR) is already in place, but many companies are not yet ready; more precisely, only 45% of organizations said they had a structured plan to comply with it.
A recent survey also reveals that 54% of large organizations (those with more than 5,000 employees) are better prepared to deal with GDPR; among small organizations, this figure drops to 37%. Only 24% of companies use external consulting to become compliant.
Under this Regulation, individuals have the right to request that their personal data be erased or transferred to another organization. This raises the question of what tools and processes organizations will need to implement. For 48% of respondents, merely locating personal data in their own databases is a challenge. In those cases, compliance with the GDPR rules will be an even more demanding task.
55% of organizations are not prepared for GDPR
For EU citizens and residents, this is a welcome law. US citizens and residents, however, will continue to suffer identity theft and data privacy violations at the hands of the same companies the EU is trying to fine and control under this law. The Googles, the Facebooks, the Twitters and most social media will be scrutinized heavily from this day on.
Who does the GDPR affect?
The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover or €20 million for breaching GDPR. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core Privacy by Design concepts. There is a tiered approach to fines, e.g. a company can be fined 2% for not having its records in order (article 28), not notifying the supervisory authority and data subject about a breach, or not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.